Entitlements

RSS for tag

Entitlements allow specific capabilities or security permissions for your apps.

Posts under Entitlements tag

200 Posts

Post

Replies

Boosts

Views

Activity

Family Controls (Distribution) pending ~1 month after app transfer
Hoping to get visibility on a Family Controls (Distribution) entitlement request pending without status updates after an app transfer. Context: Digital wellbeing app, 500K+ active iOS users Previous team had Family Controls (Distribution) approved and shipping to production App transferred to new team (H2HM68H8PP) ~1 month ago; entitlement re-requested immediately Capability page shows "View Requests (6)" with no approvals, rejections, or updates Developer Support cases opened (102883853173, 20000112879750, 102875975624) — confirmed they cannot check entitlement status Impact: Core app feature depends on Family Controls. Production app for 500K+ users will break once transfer fully propagates at provisioning level. This is a continuity issue, not a new-app launch — entitlement was previously approved on the prior team. Questions: Recommended escalation path for post-transfer entitlement requests? Should I stop resubmitting to avoid queue deprioritization? Could the entitlements team provide a status update? Happy to share bundle ID, previous team ID, and request dates privately with Apple staff.
0
2
601
May ’26
Family Controls (Distribution) — 2 pending requests for 10 days, no status update (WA2MPH4572 + HCQXH9P8VM)
Subject: Family Controls (Distribution) — 2 pending requests for 9 days, no status update (WA2MPH4572 + HCQXH9P8VM) Tags: family-controls Body: Hello Apple Developer Forums and DTS team, I am requesting visibility on the status of two pending Family Controls (Distribution) entitlement requests submitted 10 days ago with no email confirmation or status update. REQUEST DETAILS App: SHIELD Bundle ID: app.shieldme Team ID: 4452N28RUS Request IDs (both submitted on May 6, 2026): WA2MPH4572 HCQXH9P8VM Status: Both showing "Submitted" in Identifiers → app.shieldme → Family Controls (Distribution) → View Requests USE CASE SHIELD is a Brazilian app focused on personal device usage management. The category covers the scenario the app addresses: device owners who want to apply additional access controls to their own apps in case of phone theft or loss, which are widespread concerns in Brazil. SHIELD is NOT a parental control app and does not facilitate management of devices belonging to other people. The device owner is the sole operator. The owner uses the system-provided picker to select which of their own apps should require additional access controls, configured and controlled exclusively by the owner. The use of FamilyControls + ManagedSettings is the iOS API path that allows a third-party app to offer this access-control layer on user-selected apps for the owner's own protection. Without this entitlement, the iOS version cannot offer parity with the Android version of the same product. ALIGNMENT WITH FAMILY CONTROLS USAGE TERMS Device owner is the sole operator (no third-party monitoring) Owner manages access to their own apps only Use case is personal device usage management No advertising or data broker use of device or usage data No organizational deployment Privacy disclosures complying with Brazilian LGPD law are included in-app at first launch ASK Could a DTS Engineer or the entitlements review team confirm whether the two pending requests are visible in the queue and share an approximate timeline? If additional clarification on the use case would help the review proceed, I will provide it the same day. The Android version of SHIELD is feature-complete and currently in beta testing, approaching public launch. The iOS version is designed to launch alongside Android, since the product relies on a referral mechanism where an existing user can invite a contact who may be on either platform. Releasing only one platform breaks the onboarding flow for invitees on the other. Family Controls (Distribution) is the single remaining blocker on the iOS side. If there is a recommended channel for aligning entitlement timing with a coordinated multi-platform release, please advise. Thank you for your time.
0
0
311
May ’26
Wrong value for storekit custom purchase link allowed regions entitlement
Greetings fellow devs, After accepting the Alternative Terms Addendum for Apps in the EU and adding the Storekit External Purchases or Offers capability via App Store Connect in our app identifier, the entitlement showing up in xcode is com.apple.developer.storekit.custom-purchase-link.allowed-regions and has the value 'jp'. How can we change the value for that entitlement to 'gr'? We tried changing it in xcode, but we get the error <Provisioning profile "iOS Team Provisioning Profile: [app identifier]" doesn't match the entitlements file's value for the com.apple.developer.storekit.custom-purchase-link.allowed-regions entitlement.>. In Certificates, Identifiers and Profiles in the developer account there is no way to configure that capability. We sent a request to support and they only gave a link to documentation and to the forum here. We have a completed every business agreement requested and we have chosen Greece as the organisation region and the app's availability region wherever possible. We haven't found anywhere that Japan would be chosen to explain the entitlement given. So where can this entitlement about allowed regions be configured? Xcode version is 16.4 and iOS minimum deployments is 18
2
0
351
May ’26
Family Controls entitlement: no response for over 2 weeks
Hi, I submitted my Family Controls entitlement requests on April 21 for my iOS app, but I still haven’t received an approval, rejection, or any status update. This is blocking my ability to properly test and move forward with the app, since it depends on the Screen Time / Family Controls APIs. Has anyone had a similar delay recently? Is the recommended next step to file a code-level support request with my Team ID, or should I continue waiting? Thanks.
5
3
607
May ’26
Live Activities Permissions
I have a live activity and even after a couple of times that it has shown on my lock screen it keeps prompting the user to tap on Don't Allow or Allow. Can someone help me understand why this is happening? I would like my users to only hit Allow once and not be prompted again, otherwise they would not be registered for updates, since update token only generates after selecting Allow.
2
0
736
May ’26
Family Controls Distribution Entitlement — 13 Days, No Response
Hello, I submitted a Family Controls Distribution entitlement request on May 1st, 2026 and received the generic confirmation page. It has now been 13 days with no approval, rejection or status update. Timeline: May 1st: Submitted request via developer.apple.com/contact/ request/family-controls-distribution → Received confirmation page May 8th: Opened Entitlements ticket via Developer Support → No response after 6 days (despite the stated 2 business day response time) My app Knipsi is a parental control app for the DACH market. It helps families manage screen time by letting children earn credits through completing real-world tasks, with parents approving via Face ID. The app is 100% finished and ready for TestFlight — this entitlement is the only remaining blocker. App Details: Team ID: 5GW9CM8T7U Bundle ID: aquilano.Knipsi Case: 102883106983 Frameworks: FamilyControls, ManagedSettings, DeviceActivity I understand the entitlement review takes time — but what concerns me is that the support ticket opened under Entitlements has also gone unanswered for 6 days, despite the advertised 2 business day response time. Could anyone share how long the Family Controls Distribution approval currently takes? And is there a recommended way to follow up when support tickets go unanswered? Thank you
1
0
417
May ’26
Local network permission
Hi everyone, We are working on an app that requires access to devices on the local network (Bonjour / LAN discovery + direct socket communication). We are currently struggling with the Local Network privacy permission flow introduced by Apple. From our understanding, there is no dedicated public API to explicitly request Local Network permission or to reliably determine the current authorization state before attempting network activity. We have tried several commonly suggested approaches to trigger the permission dialog, including: Bonjour browsing via NWBrowser Publishing/listening with NetService UDP/TCP socket attempts on local subnet NWConnection / NWListener Triggering discovery after app launch and after foreground transitions We already added the required entries in: NSLocalNetworkUsageDescription NSBonjourServices However, the behavior is inconsistent across devices and OS versions: Sometimes the popup appears immediately Sometimes it never appears Sometimes network operations silently fail without callback clarity In some cases callbacks are delayed or ambiguous Reinstalling/resetting permissions changes behavior unpredictably Our main challenges are: What is currently considered the most reliable Apple-approved method to trigger the Local Network permission prompt? Is there any officially recommended way to determine whether permission is: not determined denied granted Is there any reliable callback or state transition API developers should use? Are there known differences between: NWBrowser NetService BSD sockets NWConnection when it comes to triggering the permission dialog? Are there recommended retry/timing patterns to avoid race conditions during app launch? Is Apple planning to introduce a dedicated authorization API similar to: AVAuthorizationStatus CLAuthorizationStatus PHPhotoLibrary.authorizationStatus() Right now it feels difficult to provide a reliable UX because there is no deterministic way to: proactively request access observe authorization state recover gracefully when the prompt does not appear Any guidance, DTS references, WWDC sessions, or recommended implementation patterns would be greatly appreciated. Thanks!
1
0
344
May ’26
Family Controls Distribution entitlement — requests submitted 2+ weeks ago, all still "Submitted"
I've been waiting on the Family Controls distribution entitlement for my app for over two weeks with use case to self direct app and sites blocking Setup: Development entitlement: ✅ approved and working Request ID: 27684X55GC The blocker: Xcode warns: "Bundle identifier is using development only version of Family Controls (Development) capability. Please request access to Family Controls (Distribution)." Archiving for App Store fails with provisioning profile errors on all my targets Questions: Is 2+ weeks normal for distribution entitlement approval? Any recommended path to escalate besides the request form and have also emailed apple support?
0
0
448
May ’26
Family Controls entitlement: no response for over 1 month
Hi, I submitted my Family Controls entitlement requests on April 15 for my iOS app, but I still haven’t received an approval, rejection, or any status update. This is blocking my ability to properly test and move forward with the app, since it depends on the Screen Time / Family Controls APIs. I've tried contact to apple developer support and filed a code-level support on app connect dashboard. and still nothing received. Here is the request information: code-level support case id: 19834379 apple developer support case id: 102878196850 Family Controls Distribution RequestId: BT4C47F5VB,SLP56WRZ3J,BZ7MF3R4FF,5HAY5UF5X2,P49SM5C859,KG2T2X2L76,N353H759C4 Thanks.
0
0
537
May ’26
MSAL login with Developer ID signed app
Hello, I would like to have MSAL login fully working in a Developer ID signed macOS application. I am using the following library for adding MSAL support to my macOS app : https://github.com/AzureAD/microsoft-authentication-library-for-objc . The MSAL login (even silent login via the MSAL broker) works fully via my company Entra ID when I run and test my local dev build. But : when I build and sign and notarize my application with a company Developer ID signature, the login fails, and I see keychain access related issues in the MSAL library log entries. The MSAL library requires the following keychain access groups to be enabled : $(AppIdentifierPrefix)com.company.app.bundle.id $(AppIdentifierPrefix)com.microsoft.identity.universalstorage The above requirement is confirmed under these links: https://learn.microsoft.com/en-us/entra/msal/objc/howto-v2-keychain-objc?tabs=objc and also their sample app : https://github.com/AzureAD/microsoft-authentication-library-for-objc/blob/410256714ee0489d212c0cbd8772259a69e7d862/MSAL/test/app/mac/MSALMacTestApp.entitlements#L18 The problem seems to be that such keychain access groups access cannot be configured for Developer ID signed applications. Would it be possible to enable such Keychain Access groups somehow for a Developer ID signed application? Thank you for any help in advance!
1
0
408
May ’26
FamilyControls distribution pending for 14+ days and not sure about approach
Hi, I'm building a wellness app called that helps users manage their phone usage based on their consumption, using the Screen Time API. I need the Family Controls (Distribution) entitlement to ship it. I've already submitted multiple requests across all my bundle IDs, but due to the lack of confirmation feedback after each submission, I may have submitted more than needed. Regardless, the oldest request submitted was on April 22nd (exactly 2 weeks ago), without any reply or change. Is this normal ? Also, I came across a forum post (https://developer.apple.com/forums/thread/821964?answerId=885672022#885672022) suggesting that the entitlement is now scoped at the team level rather than per bundle ID, and that I should resubmit a single request. I want to do the right thing here but I'm not sure whether to resubmit or wait and I don't want to make the situation worse than it already is. We're about a month away from our launch date and this is the last remaining blocker for both TestFlight and App Store submission. Any guidance on next steps, or help prioritizing this, would mean a lot. Thanks so much,
2
1
755
May ’26
I requested "DirverKit UserClient Access" Entitlement, But I Distribute App failed.
I requested "DirverKit UserClient Access" Entitlement, But I Distribute App failed. I don't know the reason. I think when I request "DirverKit UserClient Access" I make a mistake. I fill in two Bundle ids in the "Request a System Extension or DriverKit Entitlement" form's "UserClient Bundle IDs" item. The reason is when I Add "DirverKit UserClient Access" Capability in the project of Xcode. The .entitlements file is like this: <string>com.turing.TuringTouch com.turing.TuringTouch.TouchDriver</string> But in "Signing" of Xcode's "Bundle Identifier" can fill in only on "Identifier" therefore they do not match. So I can't Distribute App. I reapply "DirverKit UserClient Access" Entitlement. But decline. The result is "decline". Please help me. Please tell me, how should can I do now? Thank you very much.
3
0
546
May ’26
Provisioning profiles marked "Ineligible" for Contactless Pass Provisioning even though entitlement is present in profile
We are seeing what looks like a signing / managed-capability mismatch for Contactless Pass Provisioning. Environment Team ID: S7AUTD2C2B Bundle IDs: com.swiftpass.ios com.swiftpass.ios.dev Xcode: 26.4 macOS: 26.4 Problem Our app has had Contactless Pass Provisioning approved by Apple for a long time, and builds were working until a few days ago. Without any intentional signing/capability changes on our side, Xcode started failing with the following error: Provisioning profile "Swiftpass prod Appstore" doesn't include the Contactless Pass Provisioning capability. Contactless Pass Provisioning capability needs to be assigned to your team and bundle identifier by Apple in order to be included in a profile. Observed behavior Xcode marks the relevant provisioning profiles as "Ineligible" in the profile selector. This affects both development/debug and release/App Store builds. If we remove Contactless Pass Provisioning from the app entitlements/capabilities, the exact same profiles immediately become eligible and the signing error disappears. Important detail The downloaded provisioning profiles already contain the entitlement that Xcode claims is missing. We verified the downloaded profile with: security cms -D -i /Users/sergej/Downloads/Swiftpass_prod_Appstore\(1\).mobileprovision and it contains: <key>com.apple.developer.contactless-payment-pass-provisioning</key> <array> <string>shareablecredential</string> </array> So the issue appears to be that the profile contents look correct the capability is still present in the developer portal but Xcode's eligibility check still says the profile does not include the capability What we verified Contactless Pass Provisioning is still enabled for the App ID in the Apple Developer portal Newly recreated / redownloaded profiles still contain the entitlement Both dev and distribution profiles are affected The behavior is reproducible across profile refreshes and local cleanup What we already tried Reinstalled Xcode Updated Xcode and macOS Updated command line tools Cleaned DerivedData Deleted local provisioning profile cache Refreshed/redownloaded profiles from Xcode Recreated provisioning profiles in the developer portal Removed and re-added the capability in Xcode Expected behavior If the downloaded provisioning profile contains com.apple.developer.contactless-payment-pass-provisioning, Xcode should treat that profile as eligible. Actual behavior Xcode reports that the capability is missing and marks the profile as ineligible, even though the entitlement is present in the downloaded profile. Question Has anyone seen this specific mismatch with Contactless Pass Provisioning or other managed capabilities? This currently looks like either: an Apple backend/App ID capability-assignment sync problem, or an Xcode eligibility-validation bug for managed capabilities Feedback Assistant ID: FB22439399. It contains screenshots that showcase the issue as well.
26
7
2.9k
May ’26
com.apple.developer.automatic-assessment-configuration entitlement missing from manually downloaded Distribution/InHouse Provisioning Profile
We are implementing an exam mode feature for an educational app used in schools, which restricts device usage during assessments. We requested the Automatic Assessment Configuration capability, received approval from Apple, and confirmed that the capability is listed as Assigned under our App ID in the Apple Developer portal. What works: When using a Development Provisioning Profile (downloaded from the portal), the entitlement key com.apple.developer.automatic-assessment-configuration is included in the profile, and our exam lock feature works correctly in development testing. The problem: When we manually download a Distribution (InHouse/Enterprise) Provisioning Profile from the portal — even after creating a new one — the entitlement key com.apple.developer.automatic-assessment-configuration is not present in the profile. verified this by running: security cms -D -i YourProfile.mobileprovision The key appears in the Development PP but is absent in the manually downloaded Distribution PP, despite the App ID showing the capability as Assigned. Note: When using Xcode's automatic signing, the generated profile does include the entitlement correctly. However, due to our organization's internal security policy, we are required to use manually managed provisioning profiles and cannot use Xcode automatic signing for distribution builds. Questions: Is the com.apple.developer.automatic-assessment-configuration entitlement intentionally restricted to Development profiles only, or is this a known portal issue with managed capabilities not being embedded in manually created Distribution profiles? Is it technically supported and intended to use AEAssessmentSession in an InHouse (Enterprise) distribution environment? If InHouse is not supported, is the correct path to test internally via Development profiles and then submit through App Store distribution to include this entitlement in production? Any guidance on the correct technical direction would be greatly appreciated.
3
0
680
May ’26
Mac (Designed for iPad) cannot access microphone
I have an application that is a VOIP application of sorts that needs access to the microphone. I am using the Mac (Designed for iPad) support to not have to do huge amounts of conditional building and support for all the many iOS specific things my app includes. I never get prompted to allow microphone permissions and I never see my app name appear in Privacy & Security -> Microphone permissions setup. So is it that Mac is just a dead end for any form of an application that needs a microphone and is running under Mac (Designed for iPad) compatibility mode? Why doesn't TCC have some mechanism to notice and grant access to mic use?
3
0
758
May ’26
WeatherKit fails with WeatherDaemon JWT permission denied despite valid entitlement/profile
Hi, I’m seeing WeatherKit fail on device with a JWT permission error even though the app appears to be signed correctly with the WeatherKit entitlement. Error: Failed to generate jwt token for: com.apple.weatherkit.authservice Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 "(null)" Setup verified: iOS physical device, tested after clean install/reboot Tested on more than one physical device Bundle ID: com.elilindenDinematch.Al-Outfits Team ID: FYGW4LHN42 App ID has WeatherKit capability enabled Fresh provisioning profile includes: application-identifier = FYGW4LHN42.com.elilindenDinematch.Al-Outfits com.apple.developer.team-identifier = FYGW4LHN42 com.apple.developer.weatherkit = true Signed app binary entitlements also include com.apple.developer.weatherkit = true codesign -dv confirms TeamIdentifier=FYGW4LHN42 Cleared DerivedData and regenerated/reinstalled with a fresh profile Toggled WeatherKit capability off/on in Developer portal and regenerated profile The failure occurs when calling: let weather = try await WeatherKit.WeatherService.shared.weather(for: location) The request takes a few seconds before failing, which makes it seem like the WeatherKit daemon is reaching Apple’s auth service but being rejected during JWT generation. Has anyone seen WeatherKit entitlement propagation get stuck server-side for a specific Team ID + Bundle ID? Is there anything else I can verify locally, or does this require Apple to inspect the WeatherKit auth service registration for this App ID?
0
1
411
May ’26
Family Controls entitlement not applied to new Shield extension
Hi, Our team already has the Family Controls (Distribution) entitlement approved for the main app and existing Screen Time extensions. We recently added a new Shield Configuration extension to show a custom on-device shield UI using ManagedSettingsUI. It is only used for UI rendering and does not collect or send any user data. However, the entitlement does not seem to be applied to this new extension yet, and we are blocked from proceeding with builds. We have already contacted support but haven’t received an update yet. Case ID: 102881099623 It’s been days without any update, and this has become really stressful for our team since we’re completely blocked at the final step after months of work on this app. Could someone please help to apply/sync the Family Controls distribution entitlement or guide us on the next steps? Happy to share app details privately if needed. Thanks.
0
0
629
May ’26
Family Controls entitlement not applied to new Shield extension
Our team already has Family Controls (Distribution) entitlement approved for the main app and existing Screen Time extensions. We recently added a new Shield Configuration extension to show a custom on-device shield UI using ManagedSettingsUI. It is only used for UI rendering and does not collect or send any user data. However, the entitlement does not seem to be applied to this new extension yet, and we are blocked from proceeding with builds. We have already contacted support but haven’t received an update yet. Case ID: 102881099623 Could someone please help to apply/sync for the Family Controls distribution entitlement or guide us on the next steps? Happy to share app details privately if needed. Thanks.
1
1
433
May ’26
Is it possible to locally test a Network Extension without a paid development account?
I've searched these terms all over the place and have found only a confusing mishmash of things that were probably true years ago but no longer seem to reflect today's reality so I'm posting it here to hopefully add a definitive 2026 answer to these search results for myself and others. The existence of the DNS Proxy Network Extension protocol in 10.15 has given me an idea. I would like to test this idea to see if it is worth developing further or a complete waste of time. This test does not need to run on any device anywhere in the world other than the one in front of me so I would prefer not to spend $100 just to see if I can make a small code fragment do a silly trick. XCode sadly refuses to build my Network Extension target when I only have a "Personal Team" to sign with: Personal development teams, including "XXXX XXXX", do not support the Network Extensions capability. Can this be done or is Apple just 100% pay-to-play nowadays? I have zero problems disabling SIPS or any other consumer grade protections if that will actually achieve my goal but I've read enough comments from people saying it didn't work that I haven't bothered trying. Thanks for reading. OS: 15.7.5 (24G624) XCode Version 26.3 (17C529)
2
0
315
May ’26
Family Controls Distribution — 2 submissions, no response
Hello, I have submitted the Family Controls Distribution entitlement request twice, but I have not received any confirmation email or follow-up number for either submission. App: parental control app Bundle ID: com.learnunlock.app Use case: We use FamilyControls (authorization), ManagedSettings (shield apps), and DeviceActivity (schedule restrictions) to help families manage screen time. Could anyone from Apple please check the status of my submissions, or advise on next steps? Thank you.
0
0
182
May ’26
Family Controls (Distribution) pending ~1 month after app transfer
Hoping to get visibility on a Family Controls (Distribution) entitlement request pending without status updates after an app transfer. Context: Digital wellbeing app, 500K+ active iOS users Previous team had Family Controls (Distribution) approved and shipping to production App transferred to new team (H2HM68H8PP) ~1 month ago; entitlement re-requested immediately Capability page shows "View Requests (6)" with no approvals, rejections, or updates Developer Support cases opened (102883853173, 20000112879750, 102875975624) — confirmed they cannot check entitlement status Impact: Core app feature depends on Family Controls. Production app for 500K+ users will break once transfer fully propagates at provisioning level. This is a continuity issue, not a new-app launch — entitlement was previously approved on the prior team. Questions: Recommended escalation path for post-transfer entitlement requests? Should I stop resubmitting to avoid queue deprioritization? Could the entitlements team provide a status update? Happy to share bundle ID, previous team ID, and request dates privately with Apple staff.
Replies
0
Boosts
2
Views
601
Activity
May ’26
Family Controls (Distribution) — 2 pending requests for 10 days, no status update (WA2MPH4572 + HCQXH9P8VM)
Subject: Family Controls (Distribution) — 2 pending requests for 9 days, no status update (WA2MPH4572 + HCQXH9P8VM) Tags: family-controls Body: Hello Apple Developer Forums and DTS team, I am requesting visibility on the status of two pending Family Controls (Distribution) entitlement requests submitted 10 days ago with no email confirmation or status update. REQUEST DETAILS App: SHIELD Bundle ID: app.shieldme Team ID: 4452N28RUS Request IDs (both submitted on May 6, 2026): WA2MPH4572 HCQXH9P8VM Status: Both showing "Submitted" in Identifiers → app.shieldme → Family Controls (Distribution) → View Requests USE CASE SHIELD is a Brazilian app focused on personal device usage management. The category covers the scenario the app addresses: device owners who want to apply additional access controls to their own apps in case of phone theft or loss, which are widespread concerns in Brazil. SHIELD is NOT a parental control app and does not facilitate management of devices belonging to other people. The device owner is the sole operator. The owner uses the system-provided picker to select which of their own apps should require additional access controls, configured and controlled exclusively by the owner. The use of FamilyControls + ManagedSettings is the iOS API path that allows a third-party app to offer this access-control layer on user-selected apps for the owner's own protection. Without this entitlement, the iOS version cannot offer parity with the Android version of the same product. ALIGNMENT WITH FAMILY CONTROLS USAGE TERMS Device owner is the sole operator (no third-party monitoring) Owner manages access to their own apps only Use case is personal device usage management No advertising or data broker use of device or usage data No organizational deployment Privacy disclosures complying with Brazilian LGPD law are included in-app at first launch ASK Could a DTS Engineer or the entitlements review team confirm whether the two pending requests are visible in the queue and share an approximate timeline? If additional clarification on the use case would help the review proceed, I will provide it the same day. The Android version of SHIELD is feature-complete and currently in beta testing, approaching public launch. The iOS version is designed to launch alongside Android, since the product relies on a referral mechanism where an existing user can invite a contact who may be on either platform. Releasing only one platform breaks the onboarding flow for invitees on the other. Family Controls (Distribution) is the single remaining blocker on the iOS side. If there is a recommended channel for aligning entitlement timing with a coordinated multi-platform release, please advise. Thank you for your time.
Replies
0
Boosts
0
Views
311
Activity
May ’26
Wrong value for storekit custom purchase link allowed regions entitlement
Greetings fellow devs, After accepting the Alternative Terms Addendum for Apps in the EU and adding the Storekit External Purchases or Offers capability via App Store Connect in our app identifier, the entitlement showing up in xcode is com.apple.developer.storekit.custom-purchase-link.allowed-regions and has the value 'jp'. How can we change the value for that entitlement to 'gr'? We tried changing it in xcode, but we get the error <Provisioning profile "iOS Team Provisioning Profile: [app identifier]" doesn't match the entitlements file's value for the com.apple.developer.storekit.custom-purchase-link.allowed-regions entitlement.>. In Certificates, Identifiers and Profiles in the developer account there is no way to configure that capability. We sent a request to support and they only gave a link to documentation and to the forum here. We have a completed every business agreement requested and we have chosen Greece as the organisation region and the app's availability region wherever possible. We haven't found anywhere that Japan would be chosen to explain the entitlement given. So where can this entitlement about allowed regions be configured? Xcode version is 16.4 and iOS minimum deployments is 18
Replies
2
Boosts
0
Views
351
Activity
May ’26
Family Controls entitlement: no response for over 2 weeks
Hi, I submitted my Family Controls entitlement requests on April 21 for my iOS app, but I still haven’t received an approval, rejection, or any status update. This is blocking my ability to properly test and move forward with the app, since it depends on the Screen Time / Family Controls APIs. Has anyone had a similar delay recently? Is the recommended next step to file a code-level support request with my Team ID, or should I continue waiting? Thanks.
Replies
5
Boosts
3
Views
607
Activity
May ’26
Live Activities Permissions
I have a live activity and even after a couple of times that it has shown on my lock screen it keeps prompting the user to tap on Don't Allow or Allow. Can someone help me understand why this is happening? I would like my users to only hit Allow once and not be prompted again, otherwise they would not be registered for updates, since update token only generates after selecting Allow.
Replies
2
Boosts
0
Views
736
Activity
May ’26
Family Controls Distribution Entitlement — 13 Days, No Response
Hello, I submitted a Family Controls Distribution entitlement request on May 1st, 2026 and received the generic confirmation page. It has now been 13 days with no approval, rejection or status update. Timeline: May 1st: Submitted request via developer.apple.com/contact/ request/family-controls-distribution → Received confirmation page May 8th: Opened Entitlements ticket via Developer Support → No response after 6 days (despite the stated 2 business day response time) My app Knipsi is a parental control app for the DACH market. It helps families manage screen time by letting children earn credits through completing real-world tasks, with parents approving via Face ID. The app is 100% finished and ready for TestFlight — this entitlement is the only remaining blocker. App Details: Team ID: 5GW9CM8T7U Bundle ID: aquilano.Knipsi Case: 102883106983 Frameworks: FamilyControls, ManagedSettings, DeviceActivity I understand the entitlement review takes time — but what concerns me is that the support ticket opened under Entitlements has also gone unanswered for 6 days, despite the advertised 2 business day response time. Could anyone share how long the Family Controls Distribution approval currently takes? And is there a recommended way to follow up when support tickets go unanswered? Thank you
Replies
1
Boosts
0
Views
417
Activity
May ’26
Local network permission
Hi everyone, We are working on an app that requires access to devices on the local network (Bonjour / LAN discovery + direct socket communication). We are currently struggling with the Local Network privacy permission flow introduced by Apple. From our understanding, there is no dedicated public API to explicitly request Local Network permission or to reliably determine the current authorization state before attempting network activity. We have tried several commonly suggested approaches to trigger the permission dialog, including: Bonjour browsing via NWBrowser Publishing/listening with NetService UDP/TCP socket attempts on local subnet NWConnection / NWListener Triggering discovery after app launch and after foreground transitions We already added the required entries in: NSLocalNetworkUsageDescription NSBonjourServices However, the behavior is inconsistent across devices and OS versions: Sometimes the popup appears immediately Sometimes it never appears Sometimes network operations silently fail without callback clarity In some cases callbacks are delayed or ambiguous Reinstalling/resetting permissions changes behavior unpredictably Our main challenges are: What is currently considered the most reliable Apple-approved method to trigger the Local Network permission prompt? Is there any officially recommended way to determine whether permission is: not determined denied granted Is there any reliable callback or state transition API developers should use? Are there known differences between: NWBrowser NetService BSD sockets NWConnection when it comes to triggering the permission dialog? Are there recommended retry/timing patterns to avoid race conditions during app launch? Is Apple planning to introduce a dedicated authorization API similar to: AVAuthorizationStatus CLAuthorizationStatus PHPhotoLibrary.authorizationStatus() Right now it feels difficult to provide a reliable UX because there is no deterministic way to: proactively request access observe authorization state recover gracefully when the prompt does not appear Any guidance, DTS references, WWDC sessions, or recommended implementation patterns would be greatly appreciated. Thanks!
Replies
1
Boosts
0
Views
344
Activity
May ’26
Family Controls Distribution entitlement — requests submitted 2+ weeks ago, all still "Submitted"
I've been waiting on the Family Controls distribution entitlement for my app for over two weeks with use case to self direct app and sites blocking Setup: Development entitlement: ✅ approved and working Request ID: 27684X55GC The blocker: Xcode warns: "Bundle identifier is using development only version of Family Controls (Development) capability. Please request access to Family Controls (Distribution)." Archiving for App Store fails with provisioning profile errors on all my targets Questions: Is 2+ weeks normal for distribution entitlement approval? Any recommended path to escalate besides the request form and have also emailed apple support?
Replies
0
Boosts
0
Views
448
Activity
May ’26
Family Controls entitlement: no response for over 1 month
Hi, I submitted my Family Controls entitlement requests on April 15 for my iOS app, but I still haven’t received an approval, rejection, or any status update. This is blocking my ability to properly test and move forward with the app, since it depends on the Screen Time / Family Controls APIs. I've tried contact to apple developer support and filed a code-level support on app connect dashboard. and still nothing received. Here is the request information: code-level support case id: 19834379 apple developer support case id: 102878196850 Family Controls Distribution RequestId: BT4C47F5VB,SLP56WRZ3J,BZ7MF3R4FF,5HAY5UF5X2,P49SM5C859,KG2T2X2L76,N353H759C4 Thanks.
Replies
0
Boosts
0
Views
537
Activity
May ’26
MSAL login with Developer ID signed app
Hello, I would like to have MSAL login fully working in a Developer ID signed macOS application. I am using the following library for adding MSAL support to my macOS app : https://github.com/AzureAD/microsoft-authentication-library-for-objc . The MSAL login (even silent login via the MSAL broker) works fully via my company Entra ID when I run and test my local dev build. But : when I build and sign and notarize my application with a company Developer ID signature, the login fails, and I see keychain access related issues in the MSAL library log entries. The MSAL library requires the following keychain access groups to be enabled : $(AppIdentifierPrefix)com.company.app.bundle.id $(AppIdentifierPrefix)com.microsoft.identity.universalstorage The above requirement is confirmed under these links: https://learn.microsoft.com/en-us/entra/msal/objc/howto-v2-keychain-objc?tabs=objc and also their sample app : https://github.com/AzureAD/microsoft-authentication-library-for-objc/blob/410256714ee0489d212c0cbd8772259a69e7d862/MSAL/test/app/mac/MSALMacTestApp.entitlements#L18 The problem seems to be that such keychain access groups access cannot be configured for Developer ID signed applications. Would it be possible to enable such Keychain Access groups somehow for a Developer ID signed application? Thank you for any help in advance!
Replies
1
Boosts
0
Views
408
Activity
May ’26
FamilyControls distribution pending for 14+ days and not sure about approach
Hi, I'm building a wellness app called that helps users manage their phone usage based on their consumption, using the Screen Time API. I need the Family Controls (Distribution) entitlement to ship it. I've already submitted multiple requests across all my bundle IDs, but due to the lack of confirmation feedback after each submission, I may have submitted more than needed. Regardless, the oldest request submitted was on April 22nd (exactly 2 weeks ago), without any reply or change. Is this normal ? Also, I came across a forum post (https://developer.apple.com/forums/thread/821964?answerId=885672022#885672022) suggesting that the entitlement is now scoped at the team level rather than per bundle ID, and that I should resubmit a single request. I want to do the right thing here but I'm not sure whether to resubmit or wait and I don't want to make the situation worse than it already is. We're about a month away from our launch date and this is the last remaining blocker for both TestFlight and App Store submission. Any guidance on next steps, or help prioritizing this, would mean a lot. Thanks so much,
Replies
2
Boosts
1
Views
755
Activity
May ’26
I requested "DirverKit UserClient Access" Entitlement, But I Distribute App failed.
I requested "DirverKit UserClient Access" Entitlement, But I Distribute App failed. I don't know the reason. I think when I request "DirverKit UserClient Access" I make a mistake. I fill in two Bundle ids in the "Request a System Extension or DriverKit Entitlement" form's "UserClient Bundle IDs" item. The reason is when I Add "DirverKit UserClient Access" Capability in the project of Xcode. The .entitlements file is like this: <string>com.turing.TuringTouch com.turing.TuringTouch.TouchDriver</string> But in "Signing" of Xcode's "Bundle Identifier" can fill in only on "Identifier" therefore they do not match. So I can't Distribute App. I reapply "DirverKit UserClient Access" Entitlement. But decline. The result is "decline". Please help me. Please tell me, how should can I do now? Thank you very much.
Replies
3
Boosts
0
Views
546
Activity
May ’26
Provisioning profiles marked "Ineligible" for Contactless Pass Provisioning even though entitlement is present in profile
We are seeing what looks like a signing / managed-capability mismatch for Contactless Pass Provisioning. Environment Team ID: S7AUTD2C2B Bundle IDs: com.swiftpass.ios com.swiftpass.ios.dev Xcode: 26.4 macOS: 26.4 Problem Our app has had Contactless Pass Provisioning approved by Apple for a long time, and builds were working until a few days ago. Without any intentional signing/capability changes on our side, Xcode started failing with the following error: Provisioning profile "Swiftpass prod Appstore" doesn't include the Contactless Pass Provisioning capability. Contactless Pass Provisioning capability needs to be assigned to your team and bundle identifier by Apple in order to be included in a profile. Observed behavior Xcode marks the relevant provisioning profiles as "Ineligible" in the profile selector. This affects both development/debug and release/App Store builds. If we remove Contactless Pass Provisioning from the app entitlements/capabilities, the exact same profiles immediately become eligible and the signing error disappears. Important detail The downloaded provisioning profiles already contain the entitlement that Xcode claims is missing. We verified the downloaded profile with: security cms -D -i /Users/sergej/Downloads/Swiftpass_prod_Appstore\(1\).mobileprovision and it contains: <key>com.apple.developer.contactless-payment-pass-provisioning</key> <array> <string>shareablecredential</string> </array> So the issue appears to be that the profile contents look correct the capability is still present in the developer portal but Xcode's eligibility check still says the profile does not include the capability What we verified Contactless Pass Provisioning is still enabled for the App ID in the Apple Developer portal Newly recreated / redownloaded profiles still contain the entitlement Both dev and distribution profiles are affected The behavior is reproducible across profile refreshes and local cleanup What we already tried Reinstalled Xcode Updated Xcode and macOS Updated command line tools Cleaned DerivedData Deleted local provisioning profile cache Refreshed/redownloaded profiles from Xcode Recreated provisioning profiles in the developer portal Removed and re-added the capability in Xcode Expected behavior If the downloaded provisioning profile contains com.apple.developer.contactless-payment-pass-provisioning, Xcode should treat that profile as eligible. Actual behavior Xcode reports that the capability is missing and marks the profile as ineligible, even though the entitlement is present in the downloaded profile. Question Has anyone seen this specific mismatch with Contactless Pass Provisioning or other managed capabilities? This currently looks like either: an Apple backend/App ID capability-assignment sync problem, or an Xcode eligibility-validation bug for managed capabilities Feedback Assistant ID: FB22439399. It contains screenshots that showcase the issue as well.
Replies
26
Boosts
7
Views
2.9k
Activity
May ’26
com.apple.developer.automatic-assessment-configuration entitlement missing from manually downloaded Distribution/InHouse Provisioning Profile
We are implementing an exam mode feature for an educational app used in schools, which restricts device usage during assessments. We requested the Automatic Assessment Configuration capability, received approval from Apple, and confirmed that the capability is listed as Assigned under our App ID in the Apple Developer portal. What works: When using a Development Provisioning Profile (downloaded from the portal), the entitlement key com.apple.developer.automatic-assessment-configuration is included in the profile, and our exam lock feature works correctly in development testing. The problem: When we manually download a Distribution (InHouse/Enterprise) Provisioning Profile from the portal — even after creating a new one — the entitlement key com.apple.developer.automatic-assessment-configuration is not present in the profile. verified this by running: security cms -D -i YourProfile.mobileprovision The key appears in the Development PP but is absent in the manually downloaded Distribution PP, despite the App ID showing the capability as Assigned. Note: When using Xcode's automatic signing, the generated profile does include the entitlement correctly. However, due to our organization's internal security policy, we are required to use manually managed provisioning profiles and cannot use Xcode automatic signing for distribution builds. Questions: Is the com.apple.developer.automatic-assessment-configuration entitlement intentionally restricted to Development profiles only, or is this a known portal issue with managed capabilities not being embedded in manually created Distribution profiles? Is it technically supported and intended to use AEAssessmentSession in an InHouse (Enterprise) distribution environment? If InHouse is not supported, is the correct path to test internally via Development profiles and then submit through App Store distribution to include this entitlement in production? Any guidance on the correct technical direction would be greatly appreciated.
Replies
3
Boosts
0
Views
680
Activity
May ’26
Mac (Designed for iPad) cannot access microphone
I have an application that is a VOIP application of sorts that needs access to the microphone. I am using the Mac (Designed for iPad) support to not have to do huge amounts of conditional building and support for all the many iOS specific things my app includes. I never get prompted to allow microphone permissions and I never see my app name appear in Privacy & Security -> Microphone permissions setup. So is it that Mac is just a dead end for any form of an application that needs a microphone and is running under Mac (Designed for iPad) compatibility mode? Why doesn't TCC have some mechanism to notice and grant access to mic use?
Replies
3
Boosts
0
Views
758
Activity
May ’26
WeatherKit fails with WeatherDaemon JWT permission denied despite valid entitlement/profile
Hi, I’m seeing WeatherKit fail on device with a JWT permission error even though the app appears to be signed correctly with the WeatherKit entitlement. Error: Failed to generate jwt token for: com.apple.weatherkit.authservice Error Domain=WeatherDaemon.WDSJWTAuthenticatorServiceListener.Errors Code=2 "(null)" Setup verified: iOS physical device, tested after clean install/reboot Tested on more than one physical device Bundle ID: com.elilindenDinematch.Al-Outfits Team ID: FYGW4LHN42 App ID has WeatherKit capability enabled Fresh provisioning profile includes: application-identifier = FYGW4LHN42.com.elilindenDinematch.Al-Outfits com.apple.developer.team-identifier = FYGW4LHN42 com.apple.developer.weatherkit = true Signed app binary entitlements also include com.apple.developer.weatherkit = true codesign -dv confirms TeamIdentifier=FYGW4LHN42 Cleared DerivedData and regenerated/reinstalled with a fresh profile Toggled WeatherKit capability off/on in Developer portal and regenerated profile The failure occurs when calling: let weather = try await WeatherKit.WeatherService.shared.weather(for: location) The request takes a few seconds before failing, which makes it seem like the WeatherKit daemon is reaching Apple’s auth service but being rejected during JWT generation. Has anyone seen WeatherKit entitlement propagation get stuck server-side for a specific Team ID + Bundle ID? Is there anything else I can verify locally, or does this require Apple to inspect the WeatherKit auth service registration for this App ID?
Replies
0
Boosts
1
Views
411
Activity
May ’26
Family Controls entitlement not applied to new Shield extension
Hi, Our team already has the Family Controls (Distribution) entitlement approved for the main app and existing Screen Time extensions. We recently added a new Shield Configuration extension to show a custom on-device shield UI using ManagedSettingsUI. It is only used for UI rendering and does not collect or send any user data. However, the entitlement does not seem to be applied to this new extension yet, and we are blocked from proceeding with builds. We have already contacted support but haven’t received an update yet. Case ID: 102881099623 It’s been days without any update, and this has become really stressful for our team since we’re completely blocked at the final step after months of work on this app. Could someone please help to apply/sync the Family Controls distribution entitlement or guide us on the next steps? Happy to share app details privately if needed. Thanks.
Replies
0
Boosts
0
Views
629
Activity
May ’26
Family Controls entitlement not applied to new Shield extension
Our team already has Family Controls (Distribution) entitlement approved for the main app and existing Screen Time extensions. We recently added a new Shield Configuration extension to show a custom on-device shield UI using ManagedSettingsUI. It is only used for UI rendering and does not collect or send any user data. However, the entitlement does not seem to be applied to this new extension yet, and we are blocked from proceeding with builds. We have already contacted support but haven’t received an update yet. Case ID: 102881099623 Could someone please help to apply/sync for the Family Controls distribution entitlement or guide us on the next steps? Happy to share app details privately if needed. Thanks.
Replies
1
Boosts
1
Views
433
Activity
May ’26
Is it possible to locally test a Network Extension without a paid development account?
I've searched these terms all over the place and have found only a confusing mishmash of things that were probably true years ago but no longer seem to reflect today's reality so I'm posting it here to hopefully add a definitive 2026 answer to these search results for myself and others. The existence of the DNS Proxy Network Extension protocol in 10.15 has given me an idea. I would like to test this idea to see if it is worth developing further or a complete waste of time. This test does not need to run on any device anywhere in the world other than the one in front of me so I would prefer not to spend $100 just to see if I can make a small code fragment do a silly trick. XCode sadly refuses to build my Network Extension target when I only have a "Personal Team" to sign with: Personal development teams, including "XXXX XXXX", do not support the Network Extensions capability. Can this be done or is Apple just 100% pay-to-play nowadays? I have zero problems disabling SIPS or any other consumer grade protections if that will actually achieve my goal but I've read enough comments from people saying it didn't work that I haven't bothered trying. Thanks for reading. OS: 15.7.5 (24G624) XCode Version 26.3 (17C529)
Replies
2
Boosts
0
Views
315
Activity
May ’26
Family Controls Distribution — 2 submissions, no response
Hello, I have submitted the Family Controls Distribution entitlement request twice, but I have not received any confirmation email or follow-up number for either submission. App: parental control app Bundle ID: com.learnunlock.app Use case: We use FamilyControls (authorization), ManagedSettings (shield apps), and DeviceActivity (schedule restrictions) to help families manage screen time. Could anyone from Apple please check the status of my submissions, or advise on next steps? Thank you.
Replies
0
Boosts
0
Views
182
Activity
May ’26